If you built privacy risk management into federal government institutions, all 250 of them that are subject to the Privacy Act, the Privacy Commissioner's job would be a lot easier. That's what I'm looking for. Rather than doing original work, she'd be saying “Come and tell me what wonderful things you are doing”. It would be a privacy check-off at cabinet before anything came forward. Members of Parliament and committee would ask if you had talked to the Privacy Commissioner. That's what we need.
I'm as anti-bureaucratic as you are. It drives me crazy when I see the numbers of people it takes to do things.